Symantec Uncovers Sophisticated Spying Malware Regin

Researchers at computer security firm Symantec have just released a new report about the latest new digital threat. The malware is called Regin, and it's a doozy.

The first big takeaway from Symantec's report is that this isn't just a run-of-the-mill virus; Regin operates in five modular stages, each encrypted except for the initial stage. Tracking down the malware and figuring out what it does means locating all of the malware's modules.

In comparison to most viruses, Symantec's researchers say Regin is "groundbreaking and almost peerless. ... The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers many months or years to develop and maintain."

Article Continues Below

Regin's been out in the wild since at least 2008, and it's been busy. The researchers estimate Regin has infected systems in 10 different countries — primarily Russia and Saudi Arabia — and has mainly targeted telecoms infrastructure, private individuals and small businesses.

The sophistication of the virus and its choice of targets has lead to the inevitable comparisons between Regin and state-sponsored viruses like Stuxnet, the super-sophisticated malware which was blamed in 2012 for the destruction of Iranian nuclear centrifuges. (Video via Vimeo / Patrick Clair)

And like Stuxnet, Regin was most likely developed by an advanced nation — Symantec researchers don't name any names, but the U.S. and China are likely suspects.

Regin doesn't seem to be designed for a physical attack, though — it's mostly been gathering data. One researcher told ReCode Regin is part of "a huge spying campaign" conducted by a "government that is technically advanced."

It's still not entirely clear how Regin is spread, but Symantec suspects that phony websites are to blame for most infections. The researchers hope further investigation will reveal how the virus spreads and what it's capable of.